A PortletSecurityManager is the access controller for a portlet. If the Portlet
restricts its capabilities in any manner it implements a PortletSecurityManager.
The manager is responsible for authorizing (but not authenticating) the user.
There are two authorization levels. The first level checks whether the user
is authorized to use this Portlet. The second level checks whether the user
is authorized to use a particular instance of this Portlet.

hasAccess

Verifies whether the user is authorized to use this particular portlet
instance. Generally, this check will only be made of the default instance
as it is assumed you cannot be denied access to the default while having
access to the customized instance, and in turn must always have access
to your customized version if you have access to the default. However,
if asked to authorize a particular instance the PortletNotFoundException
should be thrown if that instance doesn't exist (even if the default does).